We’ve had several clients who complained that Wi-fi calling wasn’t working properly after we installed a Barracuda Cloudgen Firewall. I had tackled this issue on several occasions, but never was able to get a resolution. Barracuda tech support did not have an answer either. Thanks to a random reddit thread, I found the answer.
On pfsense, make sure to update your UDP multiple state timer. It’s in System->Advanced->Firewall & NAT
By default it is set to 15 seconds, and phones refresh their WiFi Calling tunnels at 60 seconds on iOS, and 60+15 random seconds on Android. You should set it to at least 90 seconds to prevent tunnels from being closed prematurely. I recommend setting it to 900 seconds (15 minutes).
You’ll know you need this if you miss incoming calls, or they randomly go to voicemail, and if you have delays in incoming text messages. You’ll also see sessions with low state timers in Diagnostics: pfTop (filter for “udp port 4500” to see all active WiFi Calling sessions bidirectionally)
In this case, he was using a pfsense firewall, but it’s the same problem. On the Barracuda firewalls, creating a firewall rule with UDP timeouts increased on UDP port 4500 will resolve it.